Shmoocon 2006: VoIP WiFi phone security analysis

Shawn Merdinger gave a presentation on his personal research project covering the security of VoIP WiFi phones. For his initial investigation he is employing a “level one” methodology. These would be attacks from a low to medium skilled hacker, a hacker’s “first look” at the device: looking for open ports, finding developer left-overs, and misusing features. One thing that was common across all phones is how easily they succumb to DOS attacks. He talked about the issues with several specific phones. Many left open port 17185, which is the VxWorks database debug port. The favorite was the Clipcomm CPW-100E which provides unauthenticated access to debugging accounts letting you read call logs and even place calls, turning it into a remote listening device. You can hear Shawn talk about his project on Blue Box Podcast #13. Blue Box also has a copy of Shawn’s detailed slides. Here’s a list of the new phone security threats released a Shmoocon.